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Chairman Grassley, Ranking Member Feinstein, and members of the Committee, thank 
you for today’s opportunity to testify regarding the U.S. Department of Homeland Seeurity’s 
(DHS) ongoing efforts to assist with redueing and mitigating risks to our election infrastructure. 
DHS is eager to share with you the progress we have made to establish trust-based partnerships 
with our Nation’s election officials who administer our democratic election processes. 

Recognizing that the 2018 U.S. mid-term elections are a potential target for malicious 
cyber activity, DHS is committed to robust engagement with state and local election officials, as 
well as private sector entities, to assist them with defining their risk, and providing them with 
information and capabilities that enable them to better defend their infrastructure. Safeguarding 
and securing cyberspace is a core homeland security mission. 

Given the foundational role that elections play in a free and democratic society, in 
January 2017 the Secretary of Homeland Security designated election infrastructure as a critical 
infrastructure subsector. Under our system of laws, federal elections are administered by state 
and local election officials in thousands of jurisdictions across the country. These officials 
manage election infrastructure and ensure its security and resilience on a day-to-day basis. 

As such, DHS and our federal partners have formalized the prioritization of voluntary 
cybersecurity assistance for election infrastructure similar to that which is provided to a range of 
other critical infrastructure entities, such as financial institutions and electric utilities. 

Since 2016, DHS’s National Protection and Programs Directorate (NPPD) has convened 
federal government and election officials regularly to share cybersecurity risk information and to 
determine an effective means of assistance. The Election Infrastructure Subsector (EIS) 
Government Coordinating Council (GCC) has worked to establish goals and objectives, to 
develop plans for the EIS partnership, and to lay the groundwork for developing an EIS Sector- 
Specific Plan (SSP). GCC representatives include DHS, the Election Assistance Commission 
(EAC), and 24 state and local election officials. Participation in the council is entirely voluntary 
and does not change the fundamental role of state and local jurisdictions in overseeing elections. 

The Department and the Commission have worked with election industry representatives 
to launch an industry-led Sector Coordinating Council (SCC), a self-organized, self-run, and 
self-governed council with leadership designated by the sector membership. The SCC serves as 
industry’s principal entity for coordinating with the government on critical infrastructure security 
activities and issues related to sector-specific strategies, and policies. This collaboration is 
conducted under DHS’s authority to provide a forum in which government and private sector 
entities can jointly engage in a broad spectrum of activities to coordinate critical infrastructure 
security and resilience efforts which is used in each of the critical infrastructure sectors 
established under Presidential Policy Directive 21, Critical Infrastructure Security and 
Resilience. The process is a well-tested mechanism across critical infrastructure sectors for 
sharing threat information among the federal government and critical infrastructure partners, 
advancing risk management efforts, and prioritizing services available to sector partners in a 
trusted environment. 
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NPPD also engages direetly with eleetion officials—coordinating requests for assistance, 
risk mitigation, information sharing, and incident coordination, resources, and services. In order 
to ensure a coordinated approach from the federal government, NPPD has convened stakeholders 
from across the federal government through an Election Task Force (ETF). The ETF serves to 
provide actionable information and offer assistance to assist election officials with strengthening 
their election infrastructure by reducing and mitigating cyber risk, and increasing resilience of 
their processes. 

Within the context of today’s hearing, I will address the unclassified assessment of 
malicious cyber operations directed against U.S. election infrastructure and our efforts to help 
enhance the security of elections that are administered by jurisdictions around the country. 

Assessing the Threat 

DHS regularly coordinates with the intelligence community and law enforcement 
partners on potential threats to the Homeland. Among non-federal partners, DHS has been 
engaging state and local officials, as well as relevant private sector entities, to assess the scale 
and scope of malicious cyber activity potentially targeting the U.S. election infrastructure. 
Election infrastructure includes the information and communications technology, capabilities, 
physical assets, and technologies that enable the registration and validation of voters; the casting, 
transmission, tabulation, and reporting of votes; and the certification, auditing, and verification 
of elections. 

In addition to working directly with state and local officials, we have partnered with 
trusted third parties to analyze relevant cyber data, including the Multi-State Information Sharing 
and Analysis Center (MS-ISAC), the National Association of Secretaries of State and the 
National Association of State Election Directors. We also used our field personnel deployed 
around the country to help further facilitate information sharing and enhance outreach, which has 
resulted in the identification of suspicious and malicious cyber activity targeting election 
infrastructure. On October 7, 2016, DHS and the Office of the Director of National Intelligence 
(ODNI) released a joint statement on election security and urged state and local governments to 
be vigilant and seek cybersecurity assistance. Our message today remains the same. 

Enhancing Security for Future Elections 

NPPD is committed to ensuring a coordinated response from DHS and its federal partners 
to plan for, prepare for, and mitigate risk to election infrastructure. We understand that working 
with election infrastructure stakeholders is essential to ensuring a more secure election. NPPD 
and our stakeholders are increasing awareness of potential vulnerabilities and providing 
capabilities to enhance the security of U.S. election infrastructure as well as that of our 
democratic allies. 

Election officials across the country have a long-standing history of working both 
individually and collectively to reduce risks and ensure the integrity of their elections. In 
partnering with these officials through both new and ongoing engagements, NPPD is working to 
provide value-added—yet voluntary—services to support their efforts to secure elections. 


2 



Improving Coordination with State, local Tribal, Territorial (SLTT) and Private 
Sector partners. Increasingly, the nation’s eleetion infrastructure leverages information 
teehnology (IT) for effieieney and eonvenienee, but also exposes systems to eyberseeurity risks, 
just like in any other enterprise environment. Just like with other sectors, NPPD helps 
stakeholders in federal departments and ageneies, SLTT governments, and the private seetor to 
manage these eyberseeurity risks. Consistent with our long-standing partnerships with state and 
loeal governments, we have been working with eleetion offieials to share information about 
eyberseeurity risks, and to provide voluntary resources and teehnieal assistanee. 

The National Cybersecurity and Communications Integration Center (NCCIC) works 
with the MS-ISAC to provide threat and vulnerability information to state and loeal offieials. 
Created by DHS over a deeade ago, the MS-ISAC is partially funded by NPPD. The MS-ISAC’s 
membership is limited to SLTT government entities, and all fifty states and U.S. territories are 
members. It has representatives eo-loeated with the NCCIC to enable regular eollaboration and 
aeeess to information and serviees for state ehief information offieers. 

Providing Technical Assistance and Sharing Information. NPPD actively promotes a 
range of serviees ineluding: 

Cyber hygiene service for Internet-facing systems: Through this automated, remote 
sean, NPPD may provide a report identifying vulnerabilities and mitigation recommendations to 
improve the eyberseeurity of systems eonneeted to the Internet, sueh as online voter registration 
systems, eleetion night reporting systems, and other Intemet-eonneeted eleetion management 
systems. 

Risk and vulnerability assessments: We have prioritized State and loeal eleetion 
systems upon request, and inereased the availability of risk and vulnerability assessments 
(RVAs). These in-depth, on-site evaluations inelude a system-wide understanding of 
vulnerabilities, focused on both internal and external systems. We provide a full report of 
vulnerabilities and reeommended mitigations following the testing. 

Incident response assistance: We eneourage eleetion offieials to report suspected 
malieious cyber aetivity to the NCCIC. Upon request, the NCCIC can provide assistance in 
identifying and remediating a eyber ineident. Information reported to the NCCIC is also eritieal 
to the federal government’s ability to broadly assess malieious attempts to infiltrate eleetion 
systems. This technical information will also be shared with other state offieials so they have the 
ability to defend their own systems from similar malicious activity. 

Knowing what to do when a seeurity ineident happens—whether physieal or eyber— 
before it happens, is eritieal. NPPD supports eleetion officials with incident response planning 
including participating in exercises and reviewing ineident response playbooks. Crisis 
eommunieations is eore eomponent of these efforts, ensuring offieials are able to eommunieate 
transparently and authoritatively to their eonstituents when an ineident unfolds. In some eases, 
we do this direetly with state and loeal jurisdietions. In others, we partner with outside 
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organizations. We recognize that securing our nation’s systems is a shared responsibility, and 
we are leveraging partnerships to advance that mission. 

Information sharing: NPPD maintains numerous platforms and services to share 
relevant information on cyber incidents. State election officials may also receive information 
directly from the NCCIC. The NCCIC also works with the MS-ISAC, allowing election officials 
to connect with the MS-ISAC or their State Chief Information Officer to rapidly receive 
information they can use to protect their systems. Best practices, cyber threat information, and 
technical indicators, some of which had been previously classified, have been shared with 
election officials in thousands of state and local jurisdictions. In all cases, the information 
sharing and/or use of such cybersecurity risk indicators, or information related to cybersecurity 
risks and incidents complies with applicable lawful restrictions on its collection and use and with 
DHS policies protective of privacy and civil liberties. 

Classified information sharing; To most effectively share information with all of our 
partners—not just those with security clearances—DHS works with the intelligence community 
to rapidly declassify relevant intelligence or provide tearlines. While DHS prioritizes 
declassifying information to the extent possible, DHS also provides classified information to 
cleared stakeholders, as appropriate. DHS has been working with state chief election officials 
and additional election staff in each state to provide them with security clearances. By working 
with the Office of the Director of National Intelligence and the Federal Bureau of Investigation, 
in February 2018 election officials from each state received one-day read-ins for a classified 
threat briefing while they were in Washington, DC. This briefing demonstrated our commitment 
to ensuring election officials have the information they need to understand the threats they face. 

Field-based cybersecurity advisors and protective security advisors: NPPD has more 
than 130 cybersecurity and protective security personnel available to provide actionable 
information and connect election officials to a range of tools and resources to improve the 
cybersecurity preparedness of election systems; and to secure the physical site security of voting 
machine storage and polling places. These advisors are also available to assist with planning and 
incident management for both cyber and physical incidents. 

Physical and protective security tools, training, and resources: NPPD provides 
guidance and tools to improve the security of polling sites and other physical election 
infrastructure. This guidance can be found at www.dhs.gov/hometown-security . This guidance 
helps to train administrative and volunteer staff on identifying and reporting suspicious activities, 
active shooter scenarios, and what to do if they suspect an improvised explosive device. 

Election Security Efforts Moving Forward 

DHS has made tremendous strides and has been committed to working collaboratively 
with those on the front lines of administering our elections to secure election infrastructure from 
risks. The establishment of government and sector coordinating councils will build the 
foundations for this enduring partnership not only in 2018, but for future elections as well. We 
will remain transparent as well as agile in combating and securing our physical and cyber 
infrastructure. However, we recognize that there is a significant technology deficit across SLTT 
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governments, and State and local election systems, in particular. It will take significant and 
continual investment to ensure that election systems across the nation are upgraded and secure, 
with vulnerable systems retired. These efforts require a whole of government approach. The 
President and this Administration are committed to addressing these risks. 

In closing, there is a fundamental link between public trust in our election infrastructure 
and the confidence the American public places in basic democratic functions. Ensuring the 
security of our electoral process is a vital national interest and one of our highest priorities at 
DHS. Our voting infrastructure is diverse, subject to local control, and has many checks and 
balances. As the threat environment evolves, DHS will continue to work with federal agencies, 
state and local partners, and private sector entities to enhance our understanding of the threat; 
and to make essential physical and cybersecurity tools and resources available to the public and 
private sectors to increase security and resiliency. 

Thank you for the opportunity to appear before the Committee today, and I look forward 
to your questions. 
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